TurbotDenialEventMetadata
| Field | Type | Description |
| --- | --- | --- |
| accountId | ID | Turbot resource ID of the AWS account where the denial occurred. |
| action | String! | The AWS action that was denied (e.g., s3:CreateBucket). |
| createTimestamp | String | Timestamp when this event was ingested into Turbot. |
| denialType | String | Type of denial source (SCP, IAM, RCP, PermissionBoundary, etc.). |
| enrichedAt | String | Timestamp when this event was enriched with policy/prevention data. |
| errorCode | String | AWS error code (e.g., AccessDenied, UnauthorizedAccess). |
| eventId | String! | Unique identifier for this denial event (from CloudTrail eventID). |
| eventTime | String! | Timestamp when the denial occurred (ISO 8601 format). |
| id | ID! | Unique Turbot identifier for this denial event. |
| policyId | ID | Turbot resource ID of the policy that caused the denial. |
| policyName | String | Name of the policy that caused the denial. |
| preventionId | ID | Turbot resource ID of the linked prevention (if any). |
| principalArn | String | ARN of the principal (user/role) that was denied. |
| principalType | String | Type of principal (IAMUser, AssumedRole, etc.). |
| region | String | AWS region where the denial occurred. |
| statementSid | String | Statement SID within the policy that caused the denial. |